Re: Certificate authentication and back-ldap proxy
On Tue, 28 Dec 2010 14:31:46 +0000,
Ubay Dorta Guerra <udorta@iac.es> wrote:
> Hi,
>
> On 28/12/10 12:00, openldap-technical-request@OpenLDAP.org wrote:
> > Hi,
> > On Mon, 27 Dec 2010 15:15:21 +0000,
> > Ubay Dorta Guerra <udorta@iac.es> wrote:
> >
> >
> >> The simple bind under TLS worked but when I try to use
> >> cert-based SASL EXTERNAL authentication I get no success.
> >>
> >> In the proxy server configuration I add the following directive
> >>
> >> idassert-bind bindmethod=sasl
> >> saslmech=EXTERNAL
> >> binddn="CN=proxy-server1.example.com,O=Internet
> >>
> > the binddn should be empty or just don't configure a binddn.
> >
> >
>
> Thank you very much.
>
> I have deleted the binddn in proxy configuration:
>
> idassert-bind bindmethod=sasl
> saslmech=EXTERNAL
> tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem
> tls_key=/etc/ssl/private/proxy-server1.example.com.key
> tls_cacertdir=/etc/ssl/cacerts/
> tls_reqcert=demand
> mode=self
>
> Now when I make a password change:
>
> ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif
> -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
> Enter LDAP Password:
> modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"
For password modification you should probably call the extended
operation modify password (RFC-3206), which is supported by
ldappasswd(5).
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E